tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sammaiah Kyatham <sammaiahf...@googlemail.com>
Subject Re: Question: Tomcat SSL configuration issue
Date Fri, 29 Jul 2011 20:44:26 GMT
Hello Felix,

Thanks for the response.

I have received new certificated based on new CSR generated.
While importing cert in to key, I'm getting the following error:
java.lang.Exception: Failed to establish chain from reply

Here is the keytool command that I used for this:

keytool -import -alias tomcat -keystore c:/cert/final/private_key
-trustcacerts -file c:/cert/final/cert.cer.txt
Enter keystore password:
keytool error: java.lang.Exception: Failed to establish chain from reply

I'm I missing something here.... Thanks in advance.

Sammaiah


On 27 July 2011 19:41, Felix Schumacher
<felix.schumacher@internetallee.de>wrote:

>
>
> Sammaiah Kyatham <sammaiahforu@googlemail.com> schrieb:
>
> >Hello,
> >
> Your keystore has no private key.
> The output of keytool below shows only a certificate.
> You can use keytool -importkeystore to import key and certificate at the
> same time.
>
> Regards
>  Felix
> >Could you help me on this issue. I spent many hours with the various
> >options
> >> and couldn’t resolve.
> >>
> >>
> >>
> >> I have configured the server.xml as per the tomcat configuration,
> >however
> >> I’m getting below errors.
> >>
> >>
> >>
> >> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> >> keystoreFile="C:\Program Files\Java\jre6\bin\hakioskcheckin2_key"
> >> keystorePass="PrivatePWD" keyAlias="tomcat" maxThreads="150"
> >scheme="https"
> >> secure="true" clientAuth="false" sslProtocol="TLS" />
> >>
> >>
> >>
> >> The exception in Catelina log:
> >>
> >>
> >>
> >> Jul 27, 2011 4:28:25 PM org.apache.coyote.http11.Http11Protocol init
> >>
> >> SEVERE: Error initializing endpoint
> >>
> >> java.io.IOException: Alias name tomcat does not identify a key entry
> >>
> >>             at
> >>
>
> >org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:546)
> >>
> >>             at
> >>
>
> >org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:481)
> >>
> >>             at
> >>
>
> >org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
> >>
> >>             at
> >> org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
> >>
> >>             at
> >> org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
> >>
> >>             at
> >>
> >org.apache.catalina.connector.Connector.initialize(Connector.java:1022)
> >>
> >>             at
> >>
>
> >org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
> >>
> >>             at
> >>
>
> >org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
> >>
> >>             at
> >> org.apache.catalina.startup.Catalina.load(Catalina.java:538)
> >>
> >>             at
> >> org.apache.catalina.startup.Catalina.load(Catalina.java:562)
> >>
> >>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> >Method)
> >>
> >>             at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown
> >Source)
> >>
> >>             at
> >sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown
> >> Source)
> >>
> >>
> >>
> >>
> >>
> >> When list the key using keytool, It lists alias tomcat as
> >>
> >> keytool -list -keystore hakioskcheckin2_key -storepass XXXXXX
> >> Keystore type: JKS
> >> Keystore provider: SUN
> >>
> >> Your keystore contains 1 entry
> >>
> >> tomcat, Jul 26, 2011, trustedCertEntry,
> >> Certificate fingerprint (MD5): -removed intentionally-
> >>
> >>
> >>
> >> *If I remove alias from server.xml then following exception is
> >throwing*
> >>
> >>
> >java.io.IOException<
> http://download.oracle.com/javase/6/docs/api/java/io/IOException.html>:
> >> jsse.invalid_ssl_conf
> >> at
> >>
>
> >org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:755)
> >>
> >> at
> >>
>
> >org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:460)
> >>
> >> at
> >>
>
> >org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:130)
> >>
> >> at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
> >> at
> >org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
> >> at
> >org.apache.catalina.connector.Connector.initialize(Connector.java:1014)
> >>
> >> at
> >>
>
> >org.apache.catalina.core.StandardService.initialize(StandardService.java:680)
> >>
> >> at
> >>
>
> >org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
> >>
> >> at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
> >> at org.apache.catalina.startup.Catalina.load(Catalina.java:548)
> >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message